Articles about Malware

Cisco tool IDs malware in the firmware

Cisco's moved on the “SYNful knock” vulnerability with a free tool letting admins test their routers for fudged firmware. The vulnerability emerged in August, when The Borg warned that its ROMMON firmware had been reverse-engineered. That meant a privileged user could flash routers with compromised versions. Within a month, …

Blacklists miss 90% of malware blogged IP love

Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft. The Massachusetts company, which boasts it's scored four out of five "top companies in the world" as clients, says correlating IP addresses to malware references yields between a thousand and …
Darren Pauli, 12 Aug 2015

Malware links Russians to 7-year global cyberspy campaign

Security researchers have shone the spotlight on an ongoing campaign by Russian cyberspies to snoop on western governments and NGOs, as well as targets in Georgia, using the Dukes malware. The Dukes group of attackers employ a family of unique malware toolsets used to steal information by infiltrating computer networks, before …
John Leyden, 17 Sep 2015

Screenshot malware targeted innocent online poker players

Spyware is targeting users of the Full Tilt Poker and PokerStars online games – and it is said to allow cheats to get a sneaky advantage over honest players. The malware, named Odlanor, first checks if PokerStars or Full Tilt Poker is running before taking screenshots of the infected player’s virtual poker hand and their …
John Leyden, 18 Sep 2015

Hilton hotels in credit-card-stealing malware infection scare

Someone has hacked the Hilton's sales registers, and made off with guests' credit-card details, it's claimed. The hotel chain confirmed today it is investigating the alleged breach of its computer security. Investigative journo Brian Krebs says malware in point-of-sale (POS) terminals is believed to have nicked the card …
Shaun Nichols, 25 Sep 2015

XcodeGhost-infected apps open gates to malware hijacking

Palo Alto threat bod Claud Xiao says XcodeGhost-infected apps are open to man-in-the-middle attacks and contain a beachhead for other malware writers to attack devices. More than 4000 apps have been infected since developers downloaded a malicious copy of the Xcode iOS development tool through a file-sharing service. The …
Darren Pauli, 25 Sep 2015

Mac malware has a neat trick to install itself on OS X fans' machines

Mac malware that relied on a security exploit so small it fitted in a tweet has been upgraded to infect OS X machines after Apple closed that particular hole. The malware once used the patched OS X DYLD_PRINT_TO_FILE vulnerability that grants attackers root privilege escalation through trivial code. This was fixed in the OS X …
Darren Pauli, 01 Sep 2015

'Self-deleting' Mexican ATM malware let sneaky miscreants slurp cash

Security researchers have lifted the lid on a new ATM malware strain, dubbed GreenDispenser, which gives crooks the ability to walk up to a compromised machine and drain its cash. When installed, GreenDispenser displays an “out of service” message on the ATM – but attackers who enter the correct pin codes can then drain the …
John Leyden, 25 Sep 2015

Cyber crims up the ante with Google Play brainteaser malware

Android malware bundled in an intelligence-testing game has been published to the official Google Play Store, not once but twice, claiming hundreds of thousands of victims in the process. Dodgy versions of a gaming app called BrainTest were able to bypass Google’s security scanning of mobile apps using a range of techniques. …
John Leyden, 22 Sep 2015

Dangerous resurgent banking malware hits UK

The formidable Dyreza and Dridex banking malware are back in renewed and rejigged macro-based campaigns that include a shift by the former to target industrial supply chain organisations and by the latter to smash the UK. Both malware instances are dangerous. Dyreza is a powerful man-in-the-browser bank trojan whose creators …
Darren Pauli, 02 Oct 2015

Mashed together malware threatens Japanese online banking users

Customers of Japanese banks are on the front line of attacks based on a new and sophisticated banking trojan, mashed together from leaked bits of malware code. Shifu (named after the Japanese word for thief) is targeting 14 Japanese banks as well as electronic banking platforms used across Europe, according to security …
John Leyden, 01 Sep 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015

Murder suspect alert? Nah: Scammers fling cop-style malware

A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.* The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more …
John Leyden, 15 Sep 2015

Nasty Dyre malware bests white hat sandboxes

Seculert CTO Aviv Raff says a nasty piece of malware linked to widespread destruction and bank account plundering has become more dangerous with the ability to evade popular sandboxes. Raff says the Dyre malware ducks popular sandbox tools by detecting the number of cores in use. The known but effective and previously unused …
Darren Pauli, 04 May 2015

Apple cleans up iOS App Store after first big malware attack

Apple is cleaning up its official iOS App Store after the first large-scale attack on its walled garden mobile software site. The Xcode development tools used by iOS app makers were copied, modified, and distributed online by hackers to inject malicious code into apps available on the App Store, as previously reported. Palo …
John Leyden, 21 Sep 2015

iOS malware YiSpecter: iPhones menaced by software nasty

Updated The first iOS malware capable of attacking both non-jailbroken and jailbroken devices has surfaced online. The mobile malware nasty YiSpecter hooks into private APIs in iOS 8 to perform malicious actions, and has been in the wild for at least 10 months, mostly in China and Taiwan, since November 2014 if not earlier. YiSpecter …
John Leyden, 05 Oct 2015

OS X remote malware strikes Thunderbolt, hops hard drive swaps

BlackHat video Researchers Trammel Hudson and Xeno Kovah have built a self-replicating Apple firmware malware that can infect peripherals to spread to new computers. The ThunderStrike 2 malware is the second iteration of the attack forged earlier this year and removes the requirement for attackers to have physical access to machines. …
Darren Pauli, 04 Aug 2015

Jamie Oliver's ministry of malware served slops AGAIN

Celebrity chef, food activist and supermarket promoter Jamie Oliver's website has been compromised for the third time this year. As with the previous two attacks, the WordPress site is serving up a password stealer, according to Malwarebytes, which hat-tipped Twitter account @hasherezade for the information. Malwarebytes says …

Microsoft puts a bullet in blundering D-Link's leaked key that made malware VIPs on PCs

Microsoft has finally revoked D-Link's leaked code-signing key, which gave malware the red carpet treatment on millions of Windows PCs. Last week, it emerged that, for six months between February and September, D-Link exposed its private code-signing key to the world in a firmware download. Anyone who stumbled upon this key …
Chris Williams, 24 Sep 2015

Small businesses trashed in big malware campaign

Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign. Noar says criminals have stolen some 10,000 documents from nanotechnology, education, and media outfits in an attack that foists a newly-discovered strain of …
Darren Pauli, 29 May 2015

Outbreak! Fake Amazon voucher offer seeds mobile malware attack

Spoofed Amazon vouchers are being used to spearhead a campaign to contaminate Android mobiles with malware, messaging security firm AdaptiveMobile warns. The attack, dubbed "Gazon", sends messages to victims’ mobile phone contacts linking to supposed offers for (non-existent) Amazon vouchers fictitiously promising a gift of $200 …
John Leyden, 04 Mar 2015

Tits and ads: Malware-riddled banners stiff X-rated websites

An ongoing malvertising campaign that began in August by targeting, and other websites visited by millions of people has expanded to hit smut sites as well. Many porn websites have been fingered with tainted advertisements via an ad network called TrafficHaus, a big player in supplying ads to adult networks …
John Leyden, 25 Sep 2015

MS scolds businesses for failing to eradicate 7-year-old malware

Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates. “The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini- …
John Leyden, 04 Jun 2015

Three Estonians jailed for malware spree that infected 4 MILLION computers

Three Estonians have been sentenced to a cumulative 11 years for their cybercrime activities which infected more than four million computers with malware across more than 100 countries. The three crims, who were sent down by US District Judge Lewis A. Kaplan in Manhattan on Thursday, were: Timur Gerassimenko, 35, who received …

Regin super-malware has Five Eyes fingerprints all over it says Kaspersky

The Regin malware, often described as the devil spawn of Stuxnet and Duqu, is the handiwork of the Five Eyes nation state spy apparatus, analysis reveals. The malware was named in November by researchers impressed with the smarts that helped it hide in plain sight for up to six years. Analysis overnight by Kaspersky malware …
Darren Pauli, 28 Jan 2015

Undetectable NSA-linked hybrid malware hits Intel Security radar

CTB Locker ransomware attacks rose 165 per cent in the first three months of 2015. More than a third (35 per cent) of victims were based in Europe, McAfee Labs reported. CTB Locker encrypts files and holds them hostage until the ransom is paid. As such, the crimeware is picking up the baton that dropped with the takedown of the …
John Leyden, 09 Jun 2015

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

DARPA-funded team says it can SMELL Android malware

A trio of DARPA-backed Iowa State University researchers have developed a tool to help speed up Android malware analysis. The Security Toolbox developed by the DARPA blue team uses features including 'smells' which sport stronger heuristics to flag possible signs of hidden malware badness. Benjamin Holland, Tom Deering, and …
Darren Pauli, 09 Apr 2015

'Ruskie' malware pwns iOS 7

Attackers, perhaps of Russian origin, are infecting the iPhones linked to government, defence and media sectors with dangerous spy malware capable of breaching non-jailbroken devices, researchers say. The XAgent malware, part of attacks unveiled last year against Windows devices, has moved to iOS, targeting iOS 7 and to much lesser …
Darren Pauli, 05 Feb 2015

Macroviruses are BACK and are the future of malware, says Microsoft

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. Macro viruses took a battering over the last decade after Redmond spent a decade boosting security in its Office suites to reduce the likelihood that users would execute malicious macros. Word processors throw warnings …
Darren Pauli, 30 Apr 2015

AT LAST: Australia gets its very own malware

Australians are being targeted by a new variant of the Carberp malware under what appears to be renewed criminal interest in the antipodes. The modified trojan, Carberp.C, was spread through a spam operation masquerading as a payment invoice. Virus writers pushed the malware out a day after coding it, Symantec researcher …
Darren Pauli, 19 Jan 2015

Malware uses Windows product IDs to mix mutex

Malware writers are using Windows unique product numbers to generate mutex values to evade researchers, SANS security boffin Lenny Zeltser says. Mutex values are used as an accurate reference to determine if multiple identical processes are running. Malware including the infamous BackOff credit card stealer has used mutex for …
Darren Pauli, 11 Mar 2015

21st century malware found in Jane Austen's 19th century prose

Cisco's 2015 Midyear Security Report has revealed that at least one group of malware-spreading scum has a literary bent. The report found one group of criminals who were hosting a webpage designed to inject exploit code into unpatched browsers. Typically these landing pages have very little on them, often just random text, but …
Iain Thomson, 28 Jul 2015

Screech! Grand Theft Auto V malware mods warning

Cybercrooks are cooking up malware disguised as mods for the Grand Theft Auto V video game. GTA V allows players to modify their gaming environment with "mods" (modifications). It's all been good fun, but recently two of the mods – "Angry Planes" and "No Clip" – have generated warnings on forums frequented by fans of the game. …
John Leyden, 18 May 2015

158 new malware created EVERY MINUTE

Malware monitor PandaLabs says 227,747 new malware samples are released every day. The findings from its recent survey found 20 million samples were created in the third quarter of 2014. Three quarters of infections were trojans while only 9 percent were viruses and 4 percent worms. The number of trojans rose 13 percent over …
Darren Pauli, 06 Nov 2014

Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'

The super-sophisticated malware that infiltrated Kaspersky Labs is craftier than first imagined. We're told that the Duqu 2.0 software nasty was signed using legit digital certificates issued to Foxconn – a world-leading Chinese electronics manufacturer, whose customers include Microsoft, Dell, Google, BlackBerry, Amazon, Apple …
John Leyden, 15 Jun 2015

FBI opens Malware Investigator portal to industry

The Federal Bureau of Investigation has released a formerly in-house malware-analysing portal to help speed up incident responses and help industry and law enforcement with investigations. The G-men hope the Malware Investigator portal can let businesses build responses to new malware without such heavy reverse-engineering …
Darren Pauli, 30 Sep 2014

D-Link spilled its private key onto the web – letting malware dress up as Windows apps

Updated Taiwanese networking kit maker D-Link leaked a private code-signing key onto the internet for anyone to download. This is rather embarrassing because this key can be used to trick Windows computers into trusting and running malware. An eagle-eyed netizen told on Thursday that the code-signing key appeared in a …
Chris Williams, 18 Sep 2015

Fraudsters target Nazi Android malware at Russian bank customers

Alleged members of a gang of "cyber-fascist" Android malware-slingers have been arrested in Russia. The alleged perps behind the scam targeted customers of Russian bank Sberbank with software they called "Fifth Reich", which used Nazi symbols in the management system. Fraudsters targeted malware attacks at Android-operated …
John Leyden, 13 Apr 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015

Wicked WikiLeaks leaks considered harmful: Alert over malware lurking in dumped docs

Documents laced with malware have been found in's cache of files obtained from hacked CIA wannabe Stratfor. Intelligence biz Stratfor was ransacked by Jeremy Hammond in late 2011, and its email archives passed to whistleblowing website WikiLeaks in early 2012. The Julian Assange™-led organization soon began …
Chris Williams, 17 Jul 2015

Israeli gov & boffins targeted by pr0ntastic malware from Gaza

Hackers from Gaza and Egypt appear to have teamed up in order to attack Israeli government, research, infrastructure and military networks. Security researchers at Trend Micro have traced ongoing malware-based attacks against Israeli organisations back to Gaza. Trend have uncovered two separate, but interconnected campaigns. …
John Leyden, 16 Feb 2015

Ebay snuffs malware upload bug

Hacker Aditya Sood has disclosed two vulnerabilities in eBay that allow hackers to upload files for drive-by-download attacks. The security bod (@AdityaKSood) told ThreatPost the flaws allow attackers to upload malicious content that appears to be benign. Once uploaded to eBay, malware can be sent to victims using direct links …
Darren Pauli, 31 Mar 2015

'Rombertik' malware kills host computers if you attempt a cure

Cisco researchers Ben Baker and Alex Chiu have found new malware that destroys a machine's Master Boot Record and home directories if it detects meddling white hats. The pair from the Borg's TALOS malware probing department say the "Rombertik" malware is designed to steal keystrokes and data and targets Windows users through …
Darren Pauli, 05 May 2015

Penn State University network sacked by China malware blitz

Penn State University has had to take networks in its school of engineering offline after falling victim to a malware attack traced partially to China. Acting on an FBI tip, the school found that PCs on the network of its College of Engineering were infected with malware that appeared to be trying to harvest research data and …
Shaun Nichols, 15 May 2015

Favicons used to update world's 'most dangerous' malware

Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network. The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence. He …
Darren Pauli, 25 Mar 2015

Confusion reigns as Bundestag malware clean-up staggers on

A malware infestation at the Bundestag is proving harder to clean up than first predicted, with several unconfirmed local reports going as far as suggesting that techies might have to rebuild the entire network from scratch. As previously reported, a state-sponsored attack is suspected for the widespread infection of systems …
John Leyden, 12 Jun 2015

Android malware hijacks power button, empties wallet while you sleep

Security biz AVG has spotted an outbreak of a new kind of Android malware that will come alive even when the phone is supposedly switched off. The software nasty is able to do this by hijacking the mobe's power-off sequence. "After pressing the power …
Iain Thomson, 19 Feb 2015

Windows and OS X are malware, claims Richard Stallman

Linux GNU firebrand Richard Stallman says Windows and Apple's OS X are malware, Amazon is Orwellian, and anyone who trusts the internet-of-things is an ass. In a column for The Grauniad Stallman preaches to the non-technical masses about the evils of proprietary software and vendor lock-in, and how closed-door coding …
Darren Pauli, 25 May 2015

You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

Internet lowlifes who used Yahoo! ads to infect potentially countless PCs with malware have struck again – using adverts on popular websites to reach millions more people. Security researchers at Malwarebytes this week discovered the crooks running another massive campaign of ads that use the Angler Exploit Kit to infiltrate …
Shaun Nichols, 14 Aug 2015